zeroclaw/firmware
argenis de la rosa ccc48824cf security(deps): remove vulnerable xmas-elf dependency via embuild (fixes #399)
Removes the unused "elf" feature from the embuild dependency in
firmware/zeroclaw-esp32/Cargo.toml.

Vulnerability Details:
- Advisory: GHSA-9cc5-2pq7-hfj8
- Package: xmas-elf < 0.10.0
- Severity: Moderate (insufficient bounds checks in HashTable access)

Root Cause:
- The embuild dependency (version < 0.33) relies on xmas-elf ~0.9.1
- The "elf" feature was enabled but not actually used

Fix:
- Removed features = ["elf"] from embuild dependency
- The build.rs only uses embuild::espidf::sysenv, which doesn't require elf
- xmas-elf dependency is now completely eliminated from Cargo.lock

Verification:
- cargo build passes successfully
- grep "xmas-elf" firmware/zeroclaw-esp32/Cargo.lock confirms removal

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 05:01:13 -05:00
zeroclaw-arduino Ehu shubham shaw contribution --> Hardware support (#306) 2026-02-16 11:40:10 -05:00
zeroclaw-esp32 security(deps): remove vulnerable xmas-elf dependency via embuild (fixes #399) 2026-02-17 05:01:13 -05:00
zeroclaw-nucleo Ehu shubham shaw contribution --> Hardware support (#306) 2026-02-16 11:40:10 -05:00
zeroclaw-uno-q-bridge Ehu shubham shaw contribution --> Hardware support (#306) 2026-02-16 11:40:10 -05:00